Social Security Number Sharing: Is Your Social Security Number “Yours”?

It’s happening every day. People are inadvertently sharing one of the most personal and private pieces of information, the infamous social security number (SSN). For Jonathan Barnett, the unbelievable became a reality when he discovered that nearly 50 names were connected to his SSN. The irony is that his credit report and social security earnings records are clean. The nation’s creditors, employers, and many others depend on this identity system predicated on SSNs.

In the case of Barnett, the first suspicion was upon receipt of an email from Wells Fargo Bank. In the days following his opening of an account, he received an email offering savings tips, however, the email (while sent to his proper email address) addressed him as “Pilar Sanchez.” Subsequent emails arrived, all to his email address, regarding his account, but continuously referring to him as “Pilar Sanchez.” Leary of the situation, Barnett contacted the bank, only to be informed that it was likely an error, and not to worry about it. Fortunately for Barnett, it is not in his character, thus the search for answers began.

While Barnett was suspicious about his identity records for years, each time he would obtain his credit report or social security statement they were clean. However, this time he did not let it go. In the ensuing days of researching identity theft, he found that there are types of identity theft that can potentially allow an imposter/miscreant to “share” a victim’s SSN without leaving a mark on their credit report. Barnett began calling creditors and asking if they had any accounts under his SSN. Due to the issue at hand, Barnett would enter this line of questioning without providing his name. After a barrage of calls he discovered there were multiple accounts under his SSN. The search expanded. It’s worth noting that not every creditor was forth coming. In an effort to thwart that, Barnett would simply call back multiple times until he spoke with someone willing to divulge information. One of Barnett’s initial shocks was the fact that it seemed his SSN was everywhere. He began calling every creditor he could think of and every single one of them had a record of his SSN [albeit not necessarily HIS name]. The theory of the practice he was seeing began to come into focus when he would contact creditors and after providing them with his SSN, they would ask “are you Jose Cruz?” or some other name. Barnett would simply jot this down in his notes.

Barnett exhausted many options in hoping to resolve this fraudulent activity. He contacted the FBI, the Treasury Department’s Inspector General, the Office of the Comptroller of the Currency, and even filed the activity with the Internet Computer Crime Complaint Center, all to no avail. It was in speaking with his own Credit Union that he obtained some helpful assistance (and insight) into what was occurring. Essentially, “Undocumented workers need to provide Social Security numbers when they begin a new job. Often, they provide stolen or invented SSNs. Because employers often don’t check the accuracy of the numbers, the technique is effective.” These rogue accounts are not reported on the consumer credit report. Instead, the credit bureaus may create “sub-files,” which indicate that multiple identities are associated with an SSN.

Ultimately, after facing frequent road blocks, Barnett hired Identity Guard to obtain details. The reality? Nearly 50 names were connected to his SSN. As reported by Identity Guard, “Because the SSN is not used for financial identity theft, such as opening a credit card and not paying the bill, the compromise often isn’t discovered for years.” Between Identity Guard (and reaching out to MSNBC and affiliates), Barnett is finally obtaining traction on this issue. In recent days his local police department reached out to him informing him they have found two potential suspects. It’s a start, a start down a long road indeed……..

In analyzing articles such as this, there is no doubt more questions than answers. We inherently trust our system, built upon social security numbers, to protect us. After all it’s a system developed for that exact purpose, yet it is failing us. Why should one have to do their own reconnaissance and extensive research to find out such atrocities? The nature of social security numbers is one of secrecy. Of all things in this world to hold secret, of all things to identify one’s self with certainty, of all things to be authoritative with regard to identity, the token is that infamous social security number. However, with all the weight and criticality of this piece of data/information, there are numerous flaws, a lack of due diligence (remember that concept), and many gaps it. Moreover, why should anyone have to pay for this security, when the nation’s system instituted it? That’s likened to purchasing a home, but in the days ahead having to hire someone to constantly inspect its integrity. Should you not be able to trust the craftsmanship of the home? After all there is a legal contract taking this into consideration. In fact a home inspection is part of the final process. To clarify, there is no doubt that any and everyone should do their own due diligence to ensure their own safety and well-being, however, this should be supplemental to industry practices. Where are the industry practices? Maybe it’s time to realize that “shhhh, don’t tell anyone your social security number” cannot stand as a security practice.

There is no doubt there are gaps and challenges in the system. However, what is being done to fill the gaps? Credit reporting companies and watch dog organizations are constantly showing up overnight to profit on these gaps, yet certain ominous activities are occurring which do not raise flags. “Because employers often don’t check the accuracy of provided social security numbers, the technique of undocumented workers providing stolen or invented social security numbers is successful.” This is nothing more than a short coming and lack of due diligence on the part of employers who do not perform the adequate checks. No doubt, this is an area for improvement. As with many issues there is certainly more that can be done, but once again the level of severity should signify abundant and aggressive actions given what’s at stake. The loophole that exists with regard to using their (the miscreants) own name or invented name is appalling. Rogue accounts not reported on standard consumer credit report? Really? It’s 2011, how is that not seen as an issue? Fighting to obtain information about yourself, having to be secretive about secrets. Then there are the “what ifs what if one finds their credit score to be impacted adversely? With serious consequences such as the inability to purchase a home, vehicle, insurance, or many other impacts, the ability to contact credit bureaus and work to resolution is imperative.

Regarding these “sub-files,” they seem to do more harm than good. The mere fact that “consumers are generally only able to obtain information about their own sub-file, attributed to their correct name” is a key indicator that not only is this an issue, but it is one in which the system is aware of.

While the numbers reported are eye-opening, the following statement is utterly shocking, “More than 140,000 SSNs are associated with five or more people, and 27,000 are connected to 10 or more people, according to ID Analytics.”

The only thing worse than not knowing a solution to a problem is knowing of the problem, identifying the gaps and potential solutions, but not having the ability to resolve it! It’s time to get past the “shhhh, don’t tell anyone” and start performing actions to close these gaps and shortcomings.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.